[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testZSP.py:1.1.2.8.2.4

Casey Duncan casey_duncan@yahoo.com
Mon, 11 Feb 2002 17:03:20 -0500 

Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv27523/tests

Modified Files:
      Tag: Zope-3x-security_defactor-branch
	testZSP.py 
Log Message:
Fixed security behavior on cascades between placeful and global settings for principal permissions and roles. Added tests for this behavior. Fixed permission adapter APIs to reflect the use of ids instead of objects for security settings.


=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.8.2.3 => 1.1.2.8.2.4 ===
         self.failUnless(self.policy.checkPermission(
             test, ob, Context(self.jim)))
+        # Make sure global principal permissions override placeful role perms
+        principalPermissionManager.denyPermissionToPrincipal(
+            test, self.jim)
+        self.failIf(self.policy.checkPermission(
+            test, ob, Context(self.jim)))
+        principalPermissionManager.unsetPermissionForPrincipal(
+            test, self.jim)
                     
     def testPlayfulPrinciplePermissions(self):
         APPM = AttributePrincipalPermissionManager
@@ -193,6 +200,16 @@
         APPM(ob3).unsetPermissionForPrincipal(test, self.jim)
         self.failIf(self.policy.checkPermission(test, ob,
                                                 Context(self.jim)))
+        # make sure placeful principal permissions override global ones
+        APPM(ob).grantPermissionToPrincipal(test, self.tim)
+        principalPermissionManager.denyPermissionToPrincipal(
+            test, self.tim)
+        self.failUnless(self.policy.checkPermission(test, ob,
+                                                    Context(self.tim)))
+        principalPermissionManager.unsetPermissionForPrincipal(
+            test, self.tim)
+
+
                                              
         
     def test_validate(self):
@@ -228,28 +245,6 @@
     def __init__(self):
         self._roles       = { 'test' : {} }
         self._permissions = { 'Manager' : {} , 'Peon' : {} }
-
-class Adaptor:
-    __implements__ = IRolePermissionManager
-
-    def __init__(self, context):
-        self._context     = context
-        
-    def getPermissionsForRole(self, role):
-        return self._context._permissions.get(role, {}).keys()
-
-    def getRolesForPermission(self, permission):
-        return self._context._roles.get(permission, {}).keys()
-
-    def getPermissionAcquired(self, permission):
-        return 1
-
-    def grantPermissionToRole(self, permission, role):
-        self._context._permissions[role][permission] = 1
-        self._context._roles[permission][role]       = 1
-
-    def setPermissionAcquired(self, permission, flag):
-        raise TypeError
     
 def test_suite():
     loader=unittest.TestLoader()